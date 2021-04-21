I’m privileged and humbled by my surroundings. This is not to propose that my home office contains lavish, worldly tchotchkes or mementos of professional accolades. Quite the contrary as I scan the small area one could call a home office and its bankers boxes with scant Sharpie labels scratched out, incompletely serving as manifests.
The surroundings that impress me are those of human beings, namely academic researchers. These graduate students, mostly ensconced in cybersecurity research, keep their collective finger on the pulses of security and technologies. That’s about as succinct as I can put it because the range of topics seems wide as that of human experiences. These smarties are from all over the globe, work in the IT profession, and have college degrees in that space. That describes the core with the remainder of them representing all sorts of backgrounds. Homemakers, both men and women; scientists in more traditional fields such as biology or chemistry; real estate professionals; law enforcement; college professors. You name it, the academic and professional makeups run the gamut. Thus, while their focus generally is common in that they’re interested in information security, from there the viewpoints are diverse as their backgrounds reflect.
Some research healthcare security. Others look at the subject within finance. This list, like one cataloging their various backgrounds, could be endless. Hundreds, maybe closer to 1,000, have been in my classes during the past few years. Observing and supporting smart people who delve into phenomena of the human condition with a lens—here, cybersecurity—that I personally use is the sort of experience that makes me humble and feel a sense of privilege. It also has a subtle marketing effect that invokes my own college coursework while studying that piece of the field of business. There, I first learned or realized that to receive the same message, meaning a marketing message, time and again works on us and can convince us that we need the new iPhone or Subway sandwich. “Buy it, buy it, buy it…. Okay, I need that!”
Lately, from this savvy collection of cybersecurity researchers, I’m receiving an irresistible, repeated message. Its consistency is evident despite it coming from a diverse range of backgrounds. Whether they’re investigating healthcare or finance or e-commerce or an IT business, the message is that during the novel coronavirus pandemic the hackers have been making greater advances and attained more successes than ever.
For around a year I and myriad others sharing our opinions and knowledge have discussed these most apparent and ever-present new risks. When workers, at least many of them, left the seemingly unhealthy office environment filled with its viral particulates, they literally and figuratively opened new doors to the internet’s criminal element. We traded down the well-thought-out processes and protocols that our workplace’s IT department put in place and continually improved. In exchange, we connected from our box-ridden rooms or kitchen islands through hardware and devices not intended for commercial use, nor defensive to much more than pedestrian, mass market security threats. It’s as if you’re planning a 4,000-mile, weeks-long road trip and then just as you head out you swap your low-mileage, year-old car for a misfiring jalopy. Well, it’s something like that.
The current research agrees with this position that internet crime and fraud risks amped up while the workplace paradigm shifted from having vault-like security to a beaded doorway. The graduate students tell this same story no matter the context they’re examining it within. In addition to our work-from-home status adding severe vulnerabilities that hackers and mala fide, enterprising criminals of other stripes exploit, there’s an even closer risk that’s on the rise. How much closer? Try looking within.
Every organization faces some level of threat from within. Moles aren’t subversive roles reserved to national security agencies or embassy staff abroad. Corporate espionage is a thing. Opportunists might be known as job applicants trying to weasel in and access valuable information. Dissatisfied employees may turn on their dime of loyalty. Current research reflects that in our wackadoo world, cyberthreats in general are trending upward and those incidents that bite the feeding hand of their own employer also are growing in number.
Insider cybersecurity threats have always been a factor for organizations. However, they are more commonly couched in threats not realized from malicious acts but rather because of our competence as computer users. “Password123” anyone? That’s a real threat. Now, however, the reports are more likely to include bad actors and actions as part of their insider risk tales. In governmental workplaces where security is part and parcel to the business at hand there’s a baked in skepticism about the human components. That’s why those of us who are, or were (that’s me), working in secured spaces undergo security clearance scrutiny. D-T-A: Don’t trust anyone. Should the Apple Store or Subway impose such scrutiny? Should any employer trust any employee? We’ve acknowledged that risks are always present, and are likely growing in scope and frequency in this environment. But, we also know that trust is integral to a healthy team.
What’s a business owner, manager, or any leader to do? Whether in your garden or business, a mole is a pesky being that needs attention. Perhaps, and setting aside any gardening tips—which if you saw my annual “bounty” you would know not to heed—that’s the best place to start: Being attentive. Communicate with your coworkers, even if you’re still limited to Zoom or some other videoconferencing channel of communication. When you genuinely take interest and listen, you are building a culture that might just be such that insider threats get contained.
Communication usually provides a solution. How does a jumper get convinced to step back from the ledge? How might you know if an employee’s going rogue? It’s a lesson that expands beyond your workplace. Communicating cures cyberthreats and more.
Ed is a professor of cybersecurity, an attorney, and a trained ethicist. Reach him at edzugeresq@gmail.com.
